6 minutes

Non-Disclosure Agreements Need to Work for Both Sides in Every M&A Deal

With all the data and sensitive information being disclosed in an M&A process, Saswat Bohidar, of Hewlett Packard Enterprise (HPE), says it’s imperative for both sides of the transaction to make good use of non-disclosure agreements (NDAs). Without the proper guardrails, there could be serious consequences to the success of the deal.

Saswat Bohidar (pictured above) serves as associate general counsel for M&A and ventures at HPE. He advises HPE on its mergers, acquisitions, divestitures, spin-offs, joint ventures, investments and corporate reorganizations. Since joining in 2015, he has helped HPE execute some of its most complex matters, including its split with HP Inc.; the spin-offs of its enterprise services and software divisions, each worth over $8 billion; and its $2.3 billion joint venture in China with Tsinghua University; as well as key acquisitions, including Cray, Nimble Storage, SGI and SimpliVity.

Prior to joining HPE, Saswat practiced corporate law at Davis Polk and Freshfields Bruckhaus Deringer, where he advised on a range of domestic and multi-jurisdictional corporate matters, with a focus on M&A transactions.

Saswat, thank you very much for taking the time to talk to us about non-disclosure agreements (NDAs), a tool used in almost all M&A transactions. Can you briefly explain what they are and how an NDA for an M&A process may differ from other NDAs for other purposes?

Saswat Bohidar: Thank you for the opportunity. NDAs are indeed essential for 100 percent of M&A transactions. In the M&A context, the NDA does primarily three things: 1. It restricts the parties from disclosing confidential information that is shared between two parties contemplating a deal; 2. It restricts the use of any confidential data, such as trade secrets, customer lists, etc. from being used for anything other than M&A due diligence; and 3. It restricts parties from disclosing publicly that they are in deal talks. The third clause can be one of the more unique features of an M&A NDA but should be in every M&A NDA because leaks can have serious implications for the deal process. Sometimes M&A NDAs could include other unique clauses like standstill provisions and employee and customer non-solicits.

Why do you feel NDAs are necessary during an M&A process?

M&A due diligence inherently involves sharing large amounts of data that is of great strategic and competitive importance. We are talking about customer lists, product roadmaps, technology/software/code, employee compensation, etc. Without the proper guardrails, there is far greater risk of disclosure or misuse of such information, which could have very serious consequences, including for the receiving party.

“The M&A NDA can have various bells and whistles, but fundamentally it is a document that is intended to provide guardrails around the sharing and use of very sensitive data.”

– Saswat Bohidar

Who mainly uses this tool: buyers, sellers or both sides of the deal? And what exact concern/s are the users trying to mitigate with it?

Sellers have the most obviously important need for NDA protection since they are the ones primarily disclosing data. However, NDAs are also very important for buyers since 1. Buyers care about non-disclosure and avoiding leaks; 2. Sometimes buyers also share confidential data; and 3. Buyers want to be able to show that proper guardrails were in place and complied with if at any point down the road there is any complaint by a third party or regulator in the future about misuse of confidential data.

What are some key provisions and protections that should be included? What should parties be wary of agreeing to?

First, M&A NDAs should be mutual, meaning both sellers and buyers should be bound to its non-disclosure and non-use clauses. We still sometimes see NDAs that only bind the buyer and not the seller, on the theory that only the seller will be sharing confidential data, and this is simply not the case. Though certainly not to the same degree, a buyer will often share bits of confidential and strategic information. In addition, a buyer has an interest in maintaining the confidentiality of the deal process itself. Beyond this, it is important to have a relatively robust definition of confidential information, which should also include the fact that deal discussions are taking place. The parties should also have good standard carveouts for information that is not considered confidential (information that is already public, etc.).

For a buyer, particularly in tech, I would encourage a “residuals” clause that carves out small bits of information that are inadvertently “stuck” in the minds of employees, which cannot be unlearned. For a buyer, particularly a large serial buyer, I would warn against agreeing to broad non-solicits or standstills in an NDA. These clauses can bind you from the moment you sign the NDA, even if you receive nothing more than a single teaser or banker pitch. The non-use restriction in an NDA should be enough protection against poaching, etc., but if such clauses are to be agreed, they should be clearly tied to misuse of the data actually received by a buyer or limited in scope to employees who were involved in the deal process.

Deals are being done at an ever-greater speed. What are some common mistakes that dealmakers are making in their rush to get a deal done?

Signing broad non-solicits and standstills, as I mentioned above, is one. Sometimes you see draft sell-side NDAs without a term, meaning the restrictions apply indefinitely, which should be avoided. Generally speaking, it is always a good idea to have an attorney cast an eye on a draft, no matter how much you are in a rush. M&A attorneys are usually cognizant of timelines and are fast and responsive.

We’ve heard that founder-led targets – especially in the technology sector – are signing NDAs too quickly, only to later realize important restraints if a deal fails to close. How much is this a development specific to the tech sector, or does it in fact apply more generally to founder-led businesses, with less experience with these types of negotiations? 

I am always worried for early stage founder-led targets – they typically do not have in-house legal teams, and the founder/CEO, while they may be gifted in many ways, may not have enough experience in negotiating contracts. Our form NDA is intended to be fair and includes good protections for sellers/targets, but this may not always be the case. And while I have not seen specific cases in the NDA context, in commercial and other agreements, early stage tech companies often agree to broad or onerous non-solicits, non-competes and IP provisions, which are usually part of the standard paper of large corporates and leave little room for negotiation.

If there is one piece of advice you would give dealmakers in the context of NDAs, what would it be?

The M&A NDA can have various bells and whistles, but fundamentally it is a document that is intended to provide guardrails around the sharing and use of very sensitive data. Luckily, it is also the most commonly executed M&A agreement and the language for it has been polished and fine-tuned over the years, so starting from a good standard template can go a long way towards a quick and painless negotiation and execution. Finally, the NDA is only a part of a clean and disciplined due diligence process – it should be coupled with other protections like clean teams, well-managed and properly restricted data rooms, use of third-party providers to act as buffers for sensitive data, and proper education of all those involved in a deal diligence process.

Saswat, many thanks for sharing your insights.

Thank you.

Matt Wells